OneLogin’s one-time password (OTP) mobile app delivers unparalleled usability. Available on all major mobile platforms, OneLogin OTP lets users perform multifactor authentication with the click of a button.
Secure access to your corporate VPN and WiFi, G Suite, Office 365, Salesforce.com, and thousands of cloud applications with a second authentication factor beyond user name and password. In the event that someone steals a user’s credentials, the addition of a one-time password token is a significant barrier to prevent intruder access. OneLogin OTP is available for Android, Apple iOS, and Windows devices.
OneLogin’s OTP generator removes friction from multi factor authentication (MFA) by letting users simply respond to a push notification on their smartphone or watch during the login process. The OneLogin OTP authentication passcode is sent through your phone to OneLogin where it is validated and then the user is logged in. If the user’s mobile device is not connected to the Internet, the user can enter the one-time password on the OneLogin App Portal. As soon as OneLogin receives a valid one-time password, the user is logged in.
First, users install the OneLogin OTP mobile app, available on the Apple, Android, and Microsoft app stores. Then users sign into OneLogin App Portal and follow instructions to register their mobile app instance with their OneLogin account. Once registered, the user can provide a valid one-time password when signing into OneLogin.
OneLogin’s OTP solution is based on RFC 6238 – A Time-Based One-Time Password Algorithm, which was designed by VeriSign, Symantec and others. The RFC describes how two endpoints with synchronized clocks can exchange a secure one-time password based on the HMAC algorithm. One-time passwords are valid for 30 seconds, but the implementation of the algorithm is able to tolerate some time drift on the mobile device in order to increase reliability of the solution.